group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #20693
[Bug 1708665] Re: prerotate.sh fails due to no shell for www-data user
This bug was fixed in the package awstats - 7.6+dfsg-1ubuntu2
---------------
awstats (7.6+dfsg-1ubuntu2) bionic; urgency=medium
[ Christian Ehrhardt ]
* debian/README.Debian, debian/prerotate.sh: fix logrotate integration due to
change of www-data to /usr/sbin/nologin (Closes: #858461, LP: #1708665)
-- Andreas Hasenack <andreas@xxxxxxxxxxxxx> Fri, 15 Dec 2017 18:55:12
-0200
** Changed in: awstats (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1708665
Title:
prerotate.sh fails due to no shell for www-data user
Status in awstats package in Ubuntu:
Fix Released
Status in awstats source package in Xenial:
In Progress
Status in awstats source package in Zesty:
Won't Fix
Status in awstats source package in Artful:
In Progress
Status in awstats package in Debian:
New
Bug description:
[Impact]
The logrotate script that is responsible for updating awstats statistics does not run because the www-data user that it runs as does not have a valid shell.
This update adjusts the su command line to specify the same shell as
the script shebang line.
[Test Case]
To test, run the script:
Version with the bug:
$ sudo /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh
No directory, logging in with HOME=/
This account is currently not available.
Fixed version:
$ sudo /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh
No directory, logging in with HOME=/
Error while processing /etc/awstats/awstats.conf
Error: SiteDomain parameter not defined in your config/domain file. You must edit it for using this version of AWStats.
Setup ('/etc/awstats/awstats.conf' file, web server or permissions) may be wrong.
Check config file, permissions and AWStats documentation (in 'docs' directory).
Note the "fixed" version actually runs the script and complains about
something else, unrelated to this bug. The admin must complete the
installation of awstats before using it, but this test is enough to
verify the fix.
If you want to get a full run, you have to follow the instructions in the README.Debian file. Basically, at a minimum:
- edit /etc/awstats/awstats.conf and give SiteDomain a value
- change group ownership of /var/log/apache2 and /var/log/apache2/* to www-data (that's one solution). README.Debian has other ideas, and I would add using ACLs if your filesystem of choice supports them: "setfacl -m g:www-data:rx /var/log/apache2" and "setfacl -m g:www-data:r /var/log/apache2/*"
[Regression Potential]
Code that wasn't running before because of this bug will now run. If the user didn't complete the awstats configuration he/she will get more verbose cron emails.
[Other Info]
Users who have already worked around the issue by manually editing the logrotate file and adding "-s /bin/sh" or something similar will get a dpkg prompt when upgrading to this version:
Configuration file '/etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh'
==> Modified (by you or by a script) since installation.
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
=== Original description ===
This was found in Ubuntu 16.04. I have not tested other versions.
The /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh script does
not run by default, because the 'www-data' user does not have a valid
shell by default.
root@www:~# bash -x /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh
+ UPDATE_SCRIPT=/usr/share/awstats/tools/update.sh
+ '[' -x /usr/share/awstats/tools/update.sh ']'
+ su -l -c /usr/share/awstats/tools/update.sh www-data
This account is currently not available.
We could give www-data a valid shell but my preferred fix is to edit
/etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh and explicitly
specify the shell with '-s /bin/bash':
diff -u ~/prerotate.sh /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh
--- /root/prerotate.sh 2017-07-31 17:07:43.749559681 -0500
+++ /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh 2017-07-31 17:07:54.122034426 -0500
@@ -2,5 +2,5 @@
UPDATE_SCRIPT=/usr/share/awstats/tools/update.sh
if [ -x $UPDATE_SCRIPT ]
then
- su -l -c $UPDATE_SCRIPT www-data
+ su -l -c $UPDATE_SCRIPT -s /bin/bash www-data
fi
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/awstats/+bug/1708665/+subscriptions